Upload
men-mikro-elektronik-gmbh
View
232
Download
3
Embed Size (px)
Citation preview
Textmasterformat bearbeiten
Second Level
Third Level– Fourth Level
Fifth Level
February 17, 2017
MTCS – Modular Train Control System
217.02.2017
Unique Liaison between Modularity and Safety
Open and modular railway computer platform Based on standard hardware and software Freely programmable
Certifiable up to SIL 4 Complies with EN5012x, EN 50155 and EN 50121-4 railway standard Scalable safety-level - solely determined by application requirements Comes with certification packages with certification from TÜV SÜD
317.02.2017
MTCS Innovations – Your Benefits
Suitable for wayside and rolling stock
Pre-certified hardware and software
No fixed end application
Usage of open standards
Family concept
Open software interfaces
Various applications with one safe platform
Real-time Ethernet connection
Additional remote I/O boxes
Synergy effects
Low risk, saves cost and time
Application remains on customer side
Interoperability, independent of single supplier
Future-safe, long life-cycles
Highest programming flexibility
Saves costs and installation efforts
Safe and fast I/O with growing I/O family
Less cabling, unlimited system extension
4
Two Birds with One Stone –MTCS for Rolling Stock and Wayside ApplicationsRolling Stock Synergy effects
Wayside
CBI – Computer Based Interlocking
CBTC – Communication Based Train Control
TCMS – Train Control Management System
ATO / ATP – Automated Train Control / Protection (for ETCS,
PTC, CTCS, Klub-U)MTCS suitable for all safety-relevant rail applications
Saves costs and time-to-market
5
Typical Use Case – On-Board Unit for ETCS
ETCS is the European train protection system Train separation or collision avoidance Line speed enforcement (emergency brake) Temporary speed restrictions
MTCS provides major functions of the EVC (European Vital Computer) GSM-R communication ETCS application computer Interfaces to other ETCS equipment Interfaces to train
MVB
Profibus
Balise Ethernet
GSM-R
Train Interfaces
6
The Key for Variety –Separation of Control and Application
User Safety Application
Pre-Certified Platform Software
Pre-Certified Hardware Components
Done by MEN
Done by Customer
Competitive advantage through full function control
Best use of core competencies for all parties
One platform – many applications
7
Safe Domain and I/O Domain
Safe I/OMVB, Profibus, Ethernet…
Virtual Safe CPU
CPU 3 – I/O processor
CPU 2Sync/CompareCPU 1
Platform SWPlatform SW
EtherCAT masterPeripheral drivers
Safe communication through black channel
Limits the effort of safe application programming
Accelerates software development
Fail-silent architecture
8
The Software Architecture Behind –Safe Domain and I/O Domain
Pre-Certified Hardware Components
Application independent of hardware
User Safety Application
Safety Communication Layer
Safe QNX / Safe BSP
User Safety Application
Safety Communication Layer
Safe QNX / Safe BSP
Safe Domain (CPU board) I/O Domain (CPU board)
Non-Safe Application Communication, Diagnosis, Services
Driver Libraries
Linux (Soft Real-Time)
Safe Domain (I/O board)
Safety Communication Layer
I/O domain SW changeable without recertification
Many applications with one platform – saves cost
Pre-Certified Platform Software
Separation between safe application (QNX) and communication (Linux)
Double execution of safe application on two separated processors Synchronization and compare between CPs and communication
layer Different applications on one safety platform through high-
performance CPUs and QNX partitioning
9
Endless Programming Possibilities
User Safety Application
Safety Communication Layer
Safe QNX / Safe BSP
User Safety Application
Safety Communication Layer
Safe QNX / Safe BSP
Safe Domain (CPU board) I/O Domain (CPU board)
Non-Safe Application Communication, Diagnosis, Services
Driver Libraries
Linux (Soft Real-Time)
Based on open software interfaces (open API) and standard operating systems
Standard POSIX programming interface
Programming of safe domain application possible in: C
Model-based (e.g. SCADE)
Soft PLC
Ada
Highest flexibility
Reduces overall cost
Future proof architecture
Compatible successorproducts scheduled
Saves your softwareinvestment
10
MTCS Family Members
Controller Unit MH50C, based on dual-redundant CPU board F75P For up to 6 I/O boards (either safe I/O
boards or usual interface boards for Ethernet, Wi-Fi, GPS, MVB etc.)
Wide-range DC or AC power supply
Safe I/O cards for binary input/output and frequency input (more functions scheduled) For use in controller unit or remote I/O
boxes
Safe remote I/O extension boxes Up to 4, 6, or 8 certifiable safe I/O boards
Real-time Ethernet interface with chassis configuration switch
Compact housing
Flexible configuration options
Expandable with up to 63 remote I/O boxes
Scalable SIL levels (single cards for SIL 2,two cards for SIL 3 / 4)
Close connection toactors / sensors (lesscabling)
Improves signal integrity
For virtually endless system extension
11
Communication via Real-Time Ethernet
No Ethernet switchesneeded
High availability with littlecabling effort
All I/Os (control unit and remote I/O boxes) are connected via real-time Ethernet ”EtherCAT“
Communication protected via Safety over EtherCAT (FSOE) protocol
Connected in a ring topology Tolerates single failures like broken cables
Safe and fast I/O throughSafety over EtherCat
MH50C MTCS Controller
MTCS Remote I/O MTCS Remote I/O MTCS Remote I/O
Remote IO reduces cablingeffort / better signal integrity
12
MTCS Components with Guaranteed Safety
TÜV Certificate
TÜV Assessment Report
Safety CaseSafety User Guide
F75P QNXBSP
QNX Drivers
Pre-certification saves cost and time
Safe CPU board F75P
Safe I/O cards
Lowers project risk on customer side
13
Open and Modular System
MTCS is exclusively based on open industry standards in hardware, software and communication
Independence from singlesupplier
Easy integration of thirdparty products
Easy exchange of obsolete products
Standard hardware with X86 host controller
CompactPCI industry standard
Standard OS (QNX, Linux)
Standard Ethernet communication
Standard POSIX interface for programming in “C”
14
Compliance to Market Standards
Safety requirements EN 50126: Railway applications – The
Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS)
EN 50128: Railway applications –Communications, signaling and processing systems - Software for railway control and protection systems
EN 50129: Railway applications –Communications, signaling and processing systems – Safety related electronic systems for signaling
Environmental requirements EN 50155 compliance Extended temperature range Shock and vibration resistant Conformal coating EMC-compatible with EN 50121-4
Immediately rail-ready
Qualified and tested for reliable operation
15
Family Concept and Life-Cycle Management
Guaranteed availability of 10 years for all single products
Change effect analysis document gives complete traceability in case of redesign
Easy exchange of single parts through open standards
Growing family of hardware components including software packages until 2050 scheduled
Unlimited life-cycle possible
Growing product range forindividual requirements
16
Unique Solution for the Rail Market
Usable for a multitude of varying rail applications through high modularity
Completely based on standards also reducing life-cycle cost of each rail project
Significant cost and time saving through pre-certification of hardware and software
Certification packages with certificate from TÜV SÜD
Compliant to all relevant safety and environmental standards